GSOC Watch Desk Analyst

Control Risks · São Paulo, Brazil
Contract · On-site · Today
Classification · DNS · Incident Response · Leadership · LLMs

About the role

The Watch Desk Analyst (focus on Brand & Cyber) is an entry-level role within the GSOC (Global Security Operations Center) to support the Global Security Intelligence function. Its primary focus is Brand Threat Intelligence & Protection - including VIP / executive monitoring - protecting the company's brand, customers and people from phishing, impersonation, fake apps, fraudulent ads, data-leak claims and reputational attacks. The work is OSINT-led and supported by specialist monitoring vendors that the analyst tasks and triages. The main output is fast Level 1-2 intelligence - Flash Reports and Info Reports - that drives immediate decisions and feeds the GSOC Watch Desk in real time through alert triage and escalation.

As secondary scope, the analyst keeps working-level Cyber Threat Intelligence - connecting leaked credentials, exposed data and phishing infrastructure to customer harm - plus the basics of Security Risk Intelligence when needed. It suits someone with an investigative mindset and solid OSINT/SOCMINT instincts who can separate signal from noise and communicate clearly under pressure.

Tasks and responsibilities

Brand Threat Intelligence & Protection

- Continuously monitor open sources - social media, app stores, paid-ad networks, search results and domains/DNS - and triage alerts from brand-protection / monitoring vendors for abuse of the company's brand, logos, domains and products.
- Detect and triage phishing sites, fake apps, fraudulent ads, impersonation profiles (including executive and customer-support impersonation), spoofed domains and counterfeit or scam campaigns targeting customers.
- Work the detection queue from brand-protection vendors (e.g. AXUR): validate suspicious assets using the company's identity, decide takedown vs. legitimate, and record decisions in the tracking workflow - keeping the queue clean and critical items escalated.
- Own the takedown lifecycle end to end: evidence capture, classification, submission to registrars, hosts, app stores and platforms, follow-up and confirmation - tracking time-to-takedown and recurrence.
- Monitor for and assess brand-reputation threats: coordinated disinformation, smear campaigns, viral complaints with security implications, and narrative attacks against the company or its leadership.
- Track fraud and social-engineering trends affecting customers (e.g. golpe do falso funcionário, Pix scams, fake support lines) and surface them to fraud, comms and product stakeholders.
- Conduct VIP / executive monitoring: track exposure of executives and high-profile employees through open-source research and vendor feeds - impersonation, doxxing, leaked personal data, threats and hostile chatter - and surface protective intelligence to Executive Protection.
- Maintain watchlists of malicious domains, impersonation accounts, recurring threat actors and abuse patterns targeting the brand and its executives.

Cyber Threat Intelligence - supporting literacy

- Triage and act on alerts from threat-intelligence / DRP vendors covering mentions of the company, leaked credentials, exposed data and chatter targeting the company, its customers or its executives - validating, prioritising and enriching vendor findings.
- Recognize common attack vectors and indicators of compromise (phishing kits, malicious domains/IPs, credential dumps, ATO and carding activity) and route them to the relevant SOC / cyber teams with enriched context.
- Correlate cyber signals with brand and physical threats to surface cross-domain risk - e.g. leaked data fuelling targeted phishing, or a credential leak preceding an impersonation wave.
- Maintain working fluency with the threat-intelligence lifecycle and frameworks (e.g. MITRE ATT&CK, the cyber kill chain) to engage credibly with cyber counterparts.

Monitoring, Triage & Reporting

- Perform initial triage of incoming signals: assess relevance and severity, enrich with context, and route or escalate accordingly.
- Keep alert queues clean and route alerts between GS Intelligence (Core) and the Watch Desk, ensuring critical occurrences reach the right stakeholders quickly.
- Primary deliverable - produce Level 1-2 intelligence at speed: Flash Reports and Info Reports (plus FYIs and short-form notes) that enable rapid decision-making, with clear, actionable framing and consistent format.
- Use AI-enabled workflows (LLMs and lightweight automation) to accelerate enrichment, translation, entity extraction, summarization and triage - always with prompt validation, cross-source verification and human judgment retained over the final output.
- Analyse patterns across incidents to identify trends, recurring actors and systemic risks; contribute to threat profiles and scenario assessments.
- Georeference incidents and threats where relevant to evaluate impact on people, operations, travel and executive movements.

Operational Support

- Support crisis and incident response, and draft timely communications to stakeholders.
- Respond to Requests for Information (RFIs) from securit

